elevenlabs-webhooks

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • [SAFE]: The skill follows security best practices for webhook handling, including timing-safe signature verification and proper secret management. No malicious patterns, obfuscation, or persistence mechanisms were detected.
  • [EXTERNAL_DOWNLOADS]: The documentation recommends installing the 'hookdeck-cli' tool for local development. This tool is provided by the skill's author ('hookdeck') and is used for its intended purpose of local webhook debugging.
  • [PROMPT_INJECTION]: The skill handles untrusted data from ElevenLabs webhook payloads, which is a potential surface for indirect prompt injection. However, the skill implements robust mitigation through mandatory signature verification.
      * Ingestion points: Webhook request bodies in the Express, Next.js, and FastAPI examples.
      * Boundary markers: The skill requires verifying the 'ElevenLabs-Signature' header before processing any payload data.
      * Capability inventory: The example code is restricted to logging and simple event processing; no dangerous functions such as 'eval()' or 'subprocess' calls are present.
      * Sanitization: Signature verification using the official ElevenLabs SDK or manual HMAC-SHA256 checks ensures that only authentic messages from ElevenLabs are processed.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 07:14 AM